PT-2006-4617 · Zen Cart · Zen Cart

Published: 2006-07-21 · Updated: 2018-10-17 · CVE-2006-3757

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zen Cart version 1.3.0.2

Description

The issue allows remote attackers to obtain sensitive information via empty array parameters, which reveals the installation path in an error message. This is achieved by manipulating the GET[], SESSION[], POST[], or COOKIE[] arrays.

Recommendations

For Zen Cart version 1.3.0.2, consider restricting access to the index.php file until a patch is available, or apply configuration changes to prevent the exposure of sensitive information through error messages.

Fix


Related identifiers

CVE-2006-3757

Affected products

Zen Cart